Date: Fri, 17 Aug 2001 14:50:21 +0800
From: "Roger Chien" <roger@broadweb.com.tw>
To: <freebsd-security@FreeBSD.ORG>
Subject: Re: Silly crackers... NT is for kids...
Message-ID: <OGEHKCBPJEPJCGPLOAGEEEFLDGAA.roger@broadweb.com.tw>
In-Reply-To: <OE41KHmj9n1xxWn9R6m0000d975@hotmail.com>

Don't you know the effect of a Code Red infected machine? Most of them are innocent.
BTW, your FreeBSD isn't absolutely secure; applied the telnet-AYT patch already?

>Subject: Silly crackers... NT is for kids...
>
>
>Hi,
>
>Recently hundreds of I.P. addresses have been attempting to use an NT
>exploit on my FreeBSD web server as if it were an NT server... Apache logs
>the attack like this:
>ci9809-a.ruthfd1.tn.home.com - - [17/Aug/2001:00:53:16 -0500] "GET
>/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXX
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXX
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXX
>XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u68
>58%ucbd3%
>u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>HTTP/1.0" 404 276 "-" "-"
>
>Here's what security tracker has to say about it:
>http://securitytracker.com/alerts/2001/Jun/1001788.html
>
>Apparently this exploits the indexing service in IIS allowing the
>cracker to
>gain SYSTEM access...
>
>Now, this does absolutely nothing to my server, as it is a FreeBSD machine
>which I believe is decently secure even if the attacks were exploits that
>worked on FreeBSD (which they do not).

<Snip>

>Anyway, it's really starting to bug me, it has been going on for a couple of
>weeks now, and I am nearing a total of 300 I.P. addresses as the sources...
>most of which are low security NT servers on a commercial network such as
>AT&T@Home, and RoadRunner...
>
>Thanks,
>
>Jordan
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
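
An added example, not part of either message: one way to count the /default.ida probes described above in an Apache access log and list the distinct sources. The regular expressions, the 32-character filler floor, the function name `summarize` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<uri>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)
# Shape of the request quoted in the post: /default.ida? + a long run of one
# filler letter + one or more %uXXXX escapes. The 32-character floor is an assumption.
PROBE_RE = re.compile(r'^/default\.ida\?([A-Za-z])\1{31,}(?:%u[0-9a-fA-F]{4})+', re.I)

def summarize(lines):
    """Return (hits per source host, hosts answered with a non-404 status, unparsed count)."""
    hits, answered, unparsed = Counter(), set(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1          # keep count so malformed lines are not silently lost
            continue
        if not PROBE_RE.match(m["uri"]):
            continue               # ordinary traffic, including plain default.ida 404s
        hits[m["host"]] += 1
        if m["status"] != "404":   # anything but "not found" deserves a closer look
            answered.add(m["host"])
    return hits, answered, unparsed

# Constructed sample log: documentation hosts/addresses, shortened filler, placeholder escapes.
FILL = "X" * 64
PROBE = f'"GET /default.ida?{FILL}%u4141%u4141%u00=a HTTP/1.0"'
SAMPLE = [
    f'host-a.example.net - - [17/Aug/2001:00:53:16 -0500] {PROBE} 404 276 "-" "-"',
    f'192.0.2.10 - - [17/Aug/2001:00:55:02 -0500] {PROBE} 404 276 "-" "-"',
    f'host-a.example.net - - [17/Aug/2001:01:10:44 -0500] {PROBE} 404 276 "-" "-"',
    f'203.0.113.5 - - [17/Aug/2001:01:11:30 -0500] {PROBE} 200 512 "-" "-"',
    '198.51.100.7 - - [17/Aug/2001:01:12:00 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '198.51.100.7 - - [17/Aug/2001:01:12:05 -0500] "GET /default.ida?page=1 HTTP/1.0" 404 276 "-" "-"',
    'truncated line without a request',
]

if __name__ == "__main__":
    hits, answered, unparsed = summarize(SAMPLE)
    print(f"{sum(hits.values())} probes from {len(hits)} distinct sources")
    for host, n in hits.most_common():
        print(f"  {host:24} {n}{'  <-- non-404 response' if host in answered else ''}")
    print(f"{unparsed} unparsed line(s)")
```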